How long does ClamAv take to scan Windows?

[linuxuser1232]

Hey so I got a cd of clamav from a friend and am testing it on an old computer to see if it works before I start my little virus cleaning business with it and it has been 2 hours since I started the scan and it is still going. How long does this usually take?
Thanks

[jayd512]

Depends on a couple of different things.
How many files are getting scanned? How large is the disc?
How powerful is the computer (CPU, RAM)?

I scanned a WinXP computer, 120 GB drive... took about 4 hours.

[linuxuser1232]

Depends on a couple of different things.
How many files are getting scanned? How large is the disc?
How powerful is the computer (CPU, RAM)?

I scanned a WinXP computer, 120 GB drive... took about 4 hours.

Yup when mine finished it took about 4 hours as well. I scanned the sda1 drive which is Windows drive i think. But the weird thing is that my windows partition is really small and it scanned a lot of files so I'm not sure. Anyway I found 1 infected file and i need help finding out what the file is and how to delete it.

[jayd512]

Add the -i option to clamscan to display the infected file.
To remove it, use the --remove option.

Here's the method that I prefer:
First, create a new directory. I did:

Code:

mkdir /tmp/virus

Then:

Code:

sudo clamscan -v -r --move /tmp/virus /

v - Verbose output of what's going on.
r - recursive scan to scan all files and directories.
--move /tmp/virus - moves any infected files to a /tmp file so you can look over them if you choose.
After that, you can delete these files with sudo rm -r /tmp/virus

[linuxuser1232]

where do i enter this code? When i start up the live boot cd with clamav or in terminal in ubuntu or in command prompt in Windows Vista.

[jayd512]

Is this computer a dual-boot setup? Or a Windows only machine?
If it's dual-boot, you can mount your Windows partition to, say, /mnt/windows. Then run above command.
If it's Windows only, boot to a LiveCD. Then run above command in a terminal.

[linuxuser1232]

it's a dual boot with windows and ubuntu but what I have is a cd with ubuntu and ClamAV on it that an IT friend gave me and what it does is it launches a boot: prompt and allows me to type things in it. That's how i scanned the sda1 disk.

[jayd512]

...and what it does is it launches a boot: prompt and allows me to type things in it. That's how i scanned the sda1 disk.

That should work just fine, and to refine it you can do it this way from your prompt:

Code:

sudo clamscan -v -r --move /tmp/virus /dev/sda1

That should scan the whole HDD.
If the LiveCD is going to be your primary method of using Clam, make sure to run:

Code:

sudo freshclam

to update your virus definitions, then remember to create /tmp/virus. Then run the scan.

[linuxuser1232]

where would i put /tmp/viruses and what does tmp stand for? I dont know if i should do this is the boot prompt in claim. I was given strict instructions on how to scan the sda1 and mount certain things before it scans. but i just don't know how to find that 1 infected file i received.

[jayd512]

/tmp is a sub-directory in the / system directory. It's already there in any Linux type system. Do ls / and you'll see it there.
Making the /tmp/virus folder just makes for an easy to find destination for where Clam will move any infected files.

So if you have, for example, an infected mp3 file, it will be moved to /tmp/virus.
From there, you can cd /tmp/virus to see what file it is. And remove it.